It's telling that "bring your own device" is shortened into the acronym BYOD. It's just another four-letter word that, depending on the context you use it in, is either your company's downfall or its savior. For some, it's another way to save money on the bottom line, though most people know by now that if your intention is to save money, you're barking up the wrong tree. Then there are those who know that providing their users with the right devices can boost productivity. It's not really a stretch to think this, as tons of news stories and surveys show that people are spending more time working and are producing more.
Of course, you have the other side that looks at BYOD as "bring your own disaster," just another security problem where all your corporate data just sits waiting to be misappropriated while your users goof off playing Angry Birds.
[ Subscribe to InfoWorld's Consumerization of IT newsletter today. | Get expert advice about planning and implementing your BYOD strategy with InfoWorld's in-depth "Mobile and BYOD Deep Dive" PDF special report. ]
The truth is that it's already too late to start worrying about your data being exposed. People have been taking corporate data and putting it on their own devices for years. The only difference now is that it has become much easier with new tools such as Dropbox and SugarSync to get your company's data from your internal data stores to your users' devices.
You are now stuck with a choice. One is to mandate security and lock down endpoints. This is what most companies end up doing. They control the endpoint as a way of securing the data. It's not a bad option; it's good to secure the data on the endpoint, and it makes it easier to do something when those devices are compromised. It just tends to ignore the one element it shouldn't: your users.
Once you look past people trying to steal your data from a corporate espionage point of view, you begin to realize that many data exposures are due to your users' habits. The one thing we spend the least amount of time on is our users. We discuss BYOD and how to secure the device, what apps users should use on those devices, and what policies need to be in place. We spend the very little of our time focusing on the users themselves.
